From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.3-12smp i686; Nav)

Description of problem:
There is an incredibly serious problem with vipw in util-linux 2.10s on Red Hat 7.1. If you edit the /etc/shadow or /etc/gshadow files, vipw actually creates a copy in /etc (or somewhere), and lets you edit that. Afterwards, it copies it back to the normal location. However, it doesn't set the permissions correctly, resulting in a world-readable /etc/shadow, allowing brute force attacks.

How reproducible:
Always

Steps to Reproduce:
1. Run vipw
2. Do some random change (insert and delete space, whatever), then save
3. Say yes when prompted to edit /etc/shadow
4. Do another random change
5. /etc/shadow now has mode 644

Actual Results:
[root@caliper /root]# ls -l /etc/shadow
-rw------- 1 root root 847 Jul 11 15:42 /etc/shadow
[root@caliper /root]# vipw
<here I'm editing /etc/passwd>
You are using shadow passwords on this system.
Would you like to edit /etc/shadow now [y/n]? y
<here I'm editing /etc/shadow>
[root@caliper /root]# ls -l /etc/shadow
-rw-r--r-- 1 root root 847 Jul 11 15:48 /etc/shadow
[root@caliper /root]#

Expected Results:
/etc/shadow and /etc/gshadow should always be 600.

Additional info:
At first I thought that vipw was just ignoring my umask, which would be bad enough but at least it's an easy fix (make sure root's umask is always 077). However, even with a umask of 077, the file is created mode 644. This problem was also observed on a Mandrake 8.0 system with util-linux 2.11d.
working on it, thanks!
Fixed in the errata.
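
The failure mode reported in this thread, as an added example (not util-linux code and not the errata fix): C that installs an edited copy over a sensitive file, with and without first copying the original's owner and mode. The function names, the scratch path and the plain-rename stand-in for the faulty install step are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: give edited copy `tmp` the owner and mode of `orig`,
 * then install it. Returns 0 on success, -1 on error (orig is untouched). */
int replace_keep_mode(const char *orig, const char *tmp)
{
    struct stat st;
    int fd, rc = -1;
    if (stat(orig, &st) != 0 || (fd = open(tmp, O_RDONLY | O_NOFOLLOW)) < 0)
        return -1;
    /* Set the mode explicitly; a umask only masks bits at creation time. */
    if (fchown(fd, st.st_uid, st.st_gid) == 0 &&
        fchmod(fd, st.st_mode & 07777) == 0 && rename(tmp, orig) == 0)
        rc = 0;
    close(fd);
    return rc;
}

/* Create a scratch file and force its permission bits. */
static int make_file(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int rc = fd < 0 ? -1 : fchmod(fd, mode);
    if (fd >= 0) close(fd);
    return rc;
}

/* Constructed demo: a 0600 "shadow" in a scratch directory is replaced by a
 * 0644 edited copy. Returns the resulting permission bits, or -1 on error. */
int demo(int keep_mode)
{
    char dir[] = "/tmp/vipw-demo-XXXXXX", orig[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir))
        return -1;
    snprintf(orig, sizeof orig, "%s/shadow", dir);
    snprintf(tmp, sizeof tmp, "%s/shadow.tmp", dir);
    if (make_file(orig, 0600) || make_file(tmp, 0644) ||
        (keep_mode ? replace_keep_mode(orig, tmp) : rename(tmp, orig)) ||
        stat(orig, &st))
        return -1;
    unlink(orig);
    rmdir(dir);
    return st.st_mode & 07777;
}
```

`demo(0)` leaves the replaced file at 0644 and `demo(1)` leaves it at 0600. The edited copy should also be created 0600 in the first place, so it is never readable by other users while it is being edited.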